Agency Information Guide
The Information and Privacy Commission NSW (IPC) has published its Agency Information Guide (AIG) in accordance with section 20 of the Government Information (Public Access) Act 2009 (GIPA Act). It provides a mechanism to make government information accessible, promote currency of information and appropriate release, and support the management of government information as a strategic asset.
The AIG appears below or can be viewed and downloaded here IPC Agency Information Guide, updated March 2022.
The Information and Privacy Commission NSW (IPC) is committed to ensuring that citizens can access its information easily and at the lowest reasonable cost.
Given our regulatory role, we have a mandated focus and commitment to access to government information. We especially support the broad object of the Government Information (Public Access) Act 2009 (GIPA Act) to advance a system of responsible and representative democratic Government that is open, accountable, fair and effective. We also uphold the specific presumption in the Act in favour of the disclosure of government information unless there is an overriding public interest against disclosure.
Agency Information Guides (AIGs) play an important role in promoting access to information, supporting participation and contributing to Open Government. As government transforms service delivery through the application of digital technologies, information should be more readily accessible to citizens. New ways of storing, locating and providing information become available through digital technology and agencies have new opportunities to uphold their responsibilities to make information available.
This AIG is published in accordance with section 20 of the GIPA Act and provides a mechanism to make government information accessible, promote currency of information and appropriate release, and support the management of government information as a strategic asset.
The purpose of this IPC AIG is to provide general information on the:
- structure and functions of the IPC
- ways in which the functions of the IPC, including the decision-making functions, affect members of the public
- specific arrangements in place to enable members of the public to participate in the formulation of IPC policy and the exercise of IPC functions
- kinds of government information held by the IPC
- kinds of government information held by the IPC that is made publicly available
- manner in which the IPC makes or will make government information publicly available
- kinds of information that are (or will be) made publicly available free of charge and those kinds for which a charge is (or will be) imposed.
Where appropriate, links have been provided to documents, reports, data and other information throughout this AIG.
This AIG is reviewed at least every 12 months and is available from the IPC website at www.ipc.nsw.gov.au/about-us/accessing-ipc-information/agency-information-guide. The IPC values your feedback on this AIG to ensure the highest levels of accessibility are achieved. You can provide feedback via email at email@example.com or by phone on 1800 472 679.
IPC CEO, Information Commissioner
NSW Open Data Advocate
The IPC was established on 1 January 2011 under the Privacy and Government Information Legislation Amendment Act 2010 by merging the Office of the Information Commissioner and Privacy NSW. The Bill established the Information Commissioner as Chief Executive Officer of the IPC.
The IPC is a separate agency that administers NSW legislation dealing with privacy and access to government information. The IPC supports the Information Commissioner and the Privacy Commissioner in fulfilling their statutory responsibilities and functions to ensure that individuals and agencies can access consistent information, guidance and training on information access and privacy matters.
More information about the IPC is available in the About Us section on the IPC website.
The IPC was established to provide a single place for agencies and the community to seek information and assistance with information access and privacy rights in NSW. The IPC promotes and protects privacy and information access rights in NSW by:
- providing information, advice, assistance and training for agencies and individuals on privacy and access matters
- reviewing the performance and decisions of agencies under the GIPA Act
- investigating and conciliating complaints relating to regulated entities
- providing feedback and advice to Government about the legislation and relevant developments in the law and technology.
The IPC takes a contemporary, proactive regulatory approach. Its regulatory and business efforts are aimed at ensuring that the IPC and regulated entities operate in ways that advance information access and privacy protection for the citizens of NSW. Further information about the IPC’s regulatory approach is contained in the Regulatory Framework and associated plans and policies.
The functions of the IPC are overseen by the NSW Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission.
The Information Commissioner administers the following legislation:
- Government Information (Public Access) Act 2009 (NSW) (GIPA Act)
- Government Information (Public Access) Regulations 2018 (NSW) (GIPA Regulations), and
- Government Information (Information Commissioner) Act 2009 (NSW) (GIIC Act).
The Information Commissioner has the power to review decisions made by other NSW government agencies and deal with complaints about information access, undertake investigations, monitor agency functions and report to the Attorney General and the Minister for Customer Service and Digital Government about proposals for legislative or administrative change.
Additionally, the Information Commissioner provides feedback about the legislation and relevant developments in the law and technological change as it impacts on information access.
The Information Commissioner is also:
- an investigating authority under the Public Interest Disclosures Act 1994
- the NSW Open Data Advocate.
In the role of Open Data Advocate, the Information Commissioner encourages the proactive public release of government information by agencies in ways that are respectful of data sharing safeguards, and provides information, advice and assistance to agencies and the NSW public on access to government information. The role also provides advice to the Data Analytics Centre (DAC) and across NSW Government on the proactive release of non-personal data. The role of Open Data Advocate aligns with the functions of the Information Commissioner under the GIPA Act, in particular with authorising and encouraging the proactive public release of government information by agencies. The work of the Open Data Advocate is underpinned by the Open Data Policy and Action Plan. Further information is available from data.nsw.gov.au.
The Privacy Commissioner administers the following legislation:
- Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act)
- Privacy and Personal information Protection Regulation 2014 (NSW) (PPIP Regulation)
- Health Records and Information Privacy Act 2002 (NSW) (HRIP Act)
- Health Records and Information Privacy Regulation 2012 (NSW) (HRIP Regulation)
The Privacy Commissioner’s role includes promoting privacy; preparing reports; recommending legislative, administrative or other action in the interests of privacy; and conducting inquiries and investigations into privacy related matters.
The Privacy Commissioner also oversees the conduct of internal reviews by regulated entities and deals with complaints about privacy related matters. The Privacy Commissioner has the power to receive, investigate and conciliate complaints made against an agency, health service provider or organisation holding health information. The Privacy Commissioner reports to ministers responsible for the above legislation about proposals for legislative or administrative change.
The IPC has corporate functions and obligations that it’s required to fulfil including the effective and efficient management of:
- annual reporting
- information technology
- legislative compliance
- corporate governance.
These functions are conferred on the IPC under a number of Acts. Some of the key Acts include the:
- Government Sector Employment Act 2013 – employment of staff
- Government Information (Public Access) Act 2009 – publication of certain government information and granting access to other information
- Privacy and Personal Information Protection Act 1998 – standards and requirements for collection and use of personal information
- Work Health and Safety Act 2011 – requirements for healthy and safe work practices
- Workplace Injury Management and Workers Compensation Act 1998 – management of injury and return to work
- Annual Reports (Departments) Act 1985 – requirements for annual reporting
- Government Sector Finance Act 2018 – management and administration of financial affairs
- Public Interest Disclosures Act 1994 – requirements for dealing with complaints under the Act.
The IPC is supported to undertake many of these functions by the Department of Customer Service.
3. Organisational structure
The IPC is a separate agency under Schedule 1 of the Government Sector Employment Act 2013 (GSE Act) and the Information Commissioner is appointed as agency head and is responsible to the relevant Minister. As the agency head, the Information Commissioner is responsible for the budget and the general administration of the IPC, including employing and allocating staff to carry out work.
The NSW Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission oversees the functions of the Information Commissioner and Privacy Commissioner. The Information Commissioner reports to the NSW Parliament on the operation of the GIPA Act. The Privacy Commissioner reports to the NSW Parliament on the operation of the PPIP Act and the HRIP Act.
The Information Commissioner, Elizabeth Tydd, was appointed under the Government Information (Information Commissioner) Act 2009 for a term of five years. Ms Tydd was appointed on 23 December 2013 and re-appointed for a further five-year term in December 2018.
The Privacy Commissioner, Samantha Gavel, was appointed under the Privacy and Personal Information Protection Act 1988 for a term of three years. Ms Gavel was appointed on 4 September 2017 and re-appointed for a further three year term in September 2020.
The IPC has four business units to assist the CEO in the exercise of its. These units are:
- Communication and Corporate Affairs – strategically informs, shapes and delivers the IPC’s regulatory message to stakeholders
- Legal Counsel and Regulatory Advice – develops regulatory advice, reporting and intelligence services to support the IPC and the Commissioners
- Investigation and Review – delivers the IPC’s and Commissioners’ regulatory functions to promote compliance with the legislation and support members of the public to access their rights
- Systems and Corporate Services – provides HR, IT, procurement and other business services in conjunction with external providers.
See the full copy of the IPC’s corporate structure on the IPC website.
Each year, the IPC reports on its activities over the course of the year through its Annual Report. See the IPC website for all published Annual Reports to date.
3.1 IPC contact details
For further information, you can contact the IPC using the details below:
Level 15, McKell Building 2-24 Rawson Place, Haymarket NSW 2000
COVID-19: The IPC is providing service as normal, however are not taking in-person enquiries. To contact the IPC, please email or phone.
4. How the IPC engages with the public and its stakeholders
4.1 Public participation
The IPC is committed to promoting public participation and establishing arrangements that support members of the public to participate in the formulation of policies and the exercise of its functions.
The IPC recognises the importance of public involvement in the development of policy and service delivery. Engaging with and maintaining public participation ensures that the needs and expectations of the public are considered in the business of government and can deliver meaningful improvement in policy outcomes and service delivery.
Throughout the year the IPC looks for opportunities to engage directly with the public, to seek input on its work, in the exercise of its functions and on important issues affecting information access and privacy rights.
Each year the IPC engages directly with the public through Privacy Awareness Week in May, and Right to Know Week in September. These events are detailed on the IPC Campaigns and Key Events page on the IPC website.
4.2 IPC engagement channels
The IPC engages with the public regularly through a number of electronic channels, to provide a fast and easy way for the public to engage, seek assistance or provide feedback.
When considering any consultation with the NSW community, the IPC takes into consideration what it is asking, why it is asking it, and who it wants to ask. This informs which channel will be used to conduct the consultation or survey.
The IPC uses its website, social media, email groups and other communication channels to let people know when it is conducting public consultations. The IPC will provide you with the necessary information to understand the purpose of any consultation it does.
The IPC conducts surveys to obtain the views of its stakeholders to inform the statutory reports of the Commissioners and the IPC’s broader regulatory work. Survey results assist in understanding citizen’s knowledge and awareness of information access and privacy legislation, key themes and trends. This information is used to inform the development of regulatory resources. The IPC proactively publishes the results from the surveys conducted on its website and these results are generally available as part of its reports.
The IPC website is used to provide the public with resources and information about regulatory functions and activities, awareness campaigns, submissions, events, policies, news and developments. Members of the public can use the Contact us section of the website to get in touch and provide feedback on its activities and functions. The website can be accessed at www.ipc.nsw.gov.au.
The IPC website details the release of new information through a number of links, particularly resources on information access and privacy, as well as specific information that was developed or updated as a result of the COVID-19 pandemic. There are landing pages for information access and privacy, with quick links to simplify finding information. Recently, the IPC commenced publishing its Compliance Audit Calendar and Privacy Proactive Regulatory Initiatives Calendar. The IPC continues to publish compliance reports for information access and privacy.
The IPC Twitter account (@IPCNSW) is used to provide the public with instantaneous information about news, publications, consultations, campaigns, and other areas of interest relating to the IPC. The IPC Twitter account is monitored during office hours. Members of the public can join the conversation, however the IPC may not be able to respond individually to all the messages that it receives via Twitter. Additionally, given the character limitation on Twitter, the IPC may request that you contact it directly via other channels to complete your enquiry.
The IPC Facebook account is used to provide information to citizens on information access and privacy matters and raise public awareness about their rights under NSW information access and privacy legislation. The IPC Facebook account is also monitored during office hours. Members of the public are able to send direct messages via Facebook, however it is requested that you contact the IPC via its other channels to complete your enquiry.
The IPC LinkedIn account is used to promote and encourage connection with the IPC by other organisations and agencies. Where possible, this channel is used to promote events, launches and proactive campaigns for Right to Know Week and Privacy Awareness Week.
Have Your Say is a website that enables NSW Government agencies to publicise consultations being conducted throughout the state. The site provides a central place for the public to search via their location and/or by topic to discover consultations that interest them.
It enables them to share their views and ideas on Government plans to improve services, the economy and infrastructure in NSW. We use Have Your Say as an additional channel whenever we commence a consultation.
The IPC receives agency reports containing data on GIPA obligations and these reports are used by the IPC as the basis for the Information Commissioner’s annual Report on the Operation of the Government Information (Public Access) Act 2009, across all agencies and dis-aggregated to the sector level.
As part of the IPC’s commitment to Open Data and transparency in government, and support of the NSW Government’s Open Data Policy (2020) the online agency-level GIPA data has been made more accessible by publishing it in a form that allows deeper analysis and comparisons.
OpenGov NSW is a website that allows NSW Government agencies to make information available to the public including annual reports and open access information released under the GIPA Act. The IPC utilises this channel to publish annual reports, and to proactively release open access information for the public.
IPAC is an advisory body to the Information Commissioner and the Privacy Commissioner. Members of IPAC are appointed by the NSW Attorney General and Minister for Customer Service from representatives of the public providing opportunity for the community to participate and contribute to the advancement of information access and privacy rights.
4.3 Feedback and complaints
The IPC welcomes input and feedback from the public, community organisations and government agencies regarding its services and publications. The IPC receives a range of diverse correspondence and complaints through a variety of channels including via the IPC website, emails, letters, phone calls and social media.
Members of the public are encouraged to provide feedback on IPC services and publications. This feedback is important to the IPC and assists in informing its policies and publications, and improving its services.
The IPC publishes the results of its client satisfaction surveys annually in its Annual Report. The link is available below:
The IPC is committed to responding to feedback and complaints in accordance with the IPC Service Charter.
All feedback and complaints are dealt with confidentially and personal information is managed in accordance with the privacy protection principles in the PPIP Act. Further information about how the IPC handles personal information is available in the IPC Privacy Management Plan.
You can provide feedback by using the contact details contained in section 3.1 of this document.
4.4 How to provide input on regulatory activities
As an agency that administers NSW information access and privacy legislation, a key part of the IPC’s work is delivered through regulatory functions and activities. These relate primarily to the review, complaint, reporting, investigative and advisory work of the IPC.
The Regulatory Framework, which combined with the IPC Regulatory Plan 2020 - 2022, sets out the regulatory approach and priorities in promoting compliance and protecting information access rights and privacy.
The IPC uses a range of approaches to deliver the compliance activities identified as necessary to achieve regulatory objectives and to influence long-term cultural change for better information access by agencies. This involves the examination of process and legislative requirements to inform development of regulatory activities and resources. The development of individual regulatory activities creates an opportunity for meaningful engagement with both agencies and citizens in raising awareness and understanding of the GIPA Act. The engagement is designed to be achieved through the mechanisms outlined in section 4.2 of this AIG.
Through the review of agency decisions and complaints received, the public plays an important role in informing the Information Commissioner on systemic issues, themes and developing trends, and informs the development of the IPC Regulatory Plan each year.
In addition, the IPC welcomes other feedback from the public on agency compliance, including concerns about accessing information under the GIPA Act.
You can provide feedback by using the contact details contained in section 3.1 of this document. The IPC also seeks out feedback from the NSW community and its stakeholders on its regulatory activities through its website.
The IPC holds a range of information including:
- policy and planning documents
- documents on the internal administration of the agency
- internal working papers of the agency
- documents prepared for submission to the NSW Committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission
- documents relating to complaints, audits, reviews and investigations conducted by the Information Commissioner and the Privacy Commissioner
- correspondence with NSW government agencies
- correspondence with the public
- correspondence with other jurisdictions
- guidelines and directions issued by the Privacy Commissioner and the Information Commissioner
- submissions made by Commissioners to parliamentary and other inquiries
- advice provided by Commissioners to the Minister for Customer Service and Digital Government as required under the Digital Restart Fund Act 2020
- information resources for the community, public sector and private sector.
Some of this information can be accessed online at www.ipc.nsw.gov.au. If you find that you are having difficulties reading documents or other material, or if you cannot find the information you are seeking on the website, please contact the IPC using the details contained in section 3.1 of this document.
The IPC keeps records associated with its functions of reviewing agency decisions, providing advice and guidance to the public and regulated entities as well as other non-regulatory functions.
The IPC makes information available under the GIPA Act in four ways:
- as open access information
- through proactive release of information
- through informal access
- in response to a formal access application.
Information which is classified as open access information, is information that the IPC is required to make available. This information is made available unless it is not in the public interest to do so.
Open access information that the IPC makes available is generally via its website free of charge. This freely available information is generally provided through the following publications:
- IPC Annual Reports
- IPC Strategic Plan
- other documents tabled in Parliament concerning the IPC
- current agency policy documents
- all current privacy and information access guidelines and directions issued by the Privacy Commissioner and the Information Commissioner
- Register of government contracts and tenders
- the IPC’s disclosure log (section 6.6 of this guide provides further information about the IPC’s disclosure log)
- this IPC Agency Information Guide.
6.2 Proactive release of information
Through the disclosure of proactive information, the IPC aims to assist the public with access to other government information. The IPC discloses other government information that it holds that is not required by the GIPA Act in the form of open access and routinely identifies information for proactive release.
For example, in 2018 the IPC released the privacy impact assessment of the GIPA Tool pro-actively via its website. During 2022, the IPC will continue to look for opportunities to develop its proactive release.
Currently, proactively released information that is available on the IPC website includes:
- IPC Code of Conduct
- IPC Regulatory Framework
- IPC Regulatory Plan
- IPC Service Charter
- IPC Audit and Risk Committee Charter
- IPC Executive Team Charter
- IPC Open Government Plan
- IPC Diversity and Inclusion Action Plan
- IPC People and Culture Plan
- IPC Governance Framework and Action Plan
- Information and Privacy Advisory Committee (IPAC) Membership and Charter
- IPC CEO’s Instrument of Authorisation
- Information Commissioner's Executed Instrument of Delegation
- Privacy Commissioner’s Executed Instrument of Delegation
- IPC Continuous Disclosure Policy
- IPC Contracts Register Procedures
- IPC Corporate Complaints Handling Policy
- IPC Data Breach Policy
- IPC Dignity and Respect Policy
- IPC Enterprise Risk Management Policy and Framework
- IPC First Aid Policy
- IPC Framework for Proactive Risk and Intelligence-Based Compliance Program
- IPC Fraud Control Policy and Framework
- IPC Gifts and Benefits Policy
- IPC Human Resources Delegations
- IPC Internal Audit Manual and Charter
- IPC Internal Compliance Audit Manual
- IPC Legislative Compliance Register
- IPC Mental Health and Wellbeing Policy
- IPC Policy Framework
- IPC Privacy Internal Review Guidelines
- IPC Privacy Management Plan
- IPC Public Interest Disclosures Internal Reporting Policy
- IPC Social Media Policy
- IPC Speaking Engagement Policy
- IPC Sponsorship/Strategic Partnership Policy
- IPC Statement of Business Ethics
- IPC Unreasonable Client Conduct Policy
- IPC Work Health & Safety Plan 2021-2023
- Information Access and Privacy Excellence Award Policy
- GIPA Review Decisions
- Research on information access and research on privacy
- Information access case notes and privacy case notes
- Information Commissioner Investigation Reports
- Privacy Commissioner Investigation Reports
- Submissions to other agencies
- Commissioner presentations
- Trends in voluntary breach notification
- Quarterly reports on regulatory priorities
- Reports on the Operation of the Government Information (Public Access) Act 2009
- IPC Audit and Risk Committee documents, e.g. meeting minutes
- IPC GIPA Audit Work Program and Privacy Proactive Regulatory Initiatives Calendar
Members of the public can request information that is not available through its website. The IPC will endeavour to respond to these requests informally, and only require a formal access application in limited circumstances.
If the information is in the public interest to disclose, the information will be made available free of charge.
An informal request for access to information can be made by contacting the IPC’s Right to Information Officer – see contact details below at section 6.7.
After considering requests to informally access information, applicants who want to submit a formal access application can do so by contacting the Right to Information Officer.
To make a formal access application for information held by the IPC, an access application must:
- be in writing and
- sent by email to firstname.lastname@example.org; or
- lodged via post to Information and Privacy Commission GPO Box 7011 SYDNEY NSW 2001
- clearly indicate that it is a formal access application made under the GIPA Act
- state the name of the applicant and a postal or email address as the address for correspondence in connection with the application
- provide such information as is reasonably necessary to enable the government information applied for to be identified.
An applicant must disclose on their access application whether they have applied to another agency, at any time, for substantially the same information, and if so, they must identify the agency. However, an application will not be invalid if an applicant fails to make this disclosure.
A GIPA Access Application form for information held by the IPC is available on the IPC website.
Under section 127, of the GIPA Act, the IPC has exercised its discretion to waive all fees and charges associated with access applications. This supports the object of the GIPA Act, which is intended to facilitate access to government information at the lowest reasonable cost.
Applicants intending to make a formal application are encouraged to consider the impact of the excluded information provisions on the information that they intend to request access to. This is outlined in summary at section 6.5 of this AIG.
For further assistance, you can contact the IPC’s Right to Information Officer (section 6.7).
6.5 Excluded information
The GIPA Act prescribes that some information held by the IPC, which forms part of the complaint handling, review and investigative functions relating to the Information Commissioner and Privacy Commissioner, is excluded information.
This means that there is a conclusive presumption against the release of this information unless the release of the information has been consented to. An access application for this type of excluded information is considered an invalid access application under the GIPA Act.
The IPC maintains a disclosure log under section 25 of the GIPA Act which documents the information it releases in response to access applications, and that may be of interest to members of the public.
The disclosure log provides a mechanism to further proactively release information to the public.
A regular review of the IPC’s disclosure log provides a valuable opportunity to analyse data collected from across the IPC on requests for information and to identify trends and documents that could be released proactively. This allows the IPC to update the AIG to reflect the released information. Increased disclosure of information from the disclosure log allows citizens greater opportunity to participate in the policy formulation and service delivery, and identifies trends and documents that could be released proactively.
6.7 The IPC’s Right to Information Officer
The IPC’s Right to Information Officer can be contacted using the details below:
Right to Information Officer, Information and Privacy Commission
Post: GPO Box 7011, SYDNEY NSW 2001
Phone: 1800 472 679
Business Hours: Monday to Friday 9am to 5pm (excluding public holidays)
Office: Level 15, McKell Building 2-24 Rawson Place, Haymarket NSW 2000
Due to COVID-19, the IPC are not taking in-person enquiries and encourages you to contact the agency via email or phone. For more information, please see the COVID-19 webpage.
The IPC can be contacted through the National Relay Service (NRS) on 133 677 for anyone with a hearing or speech impairment and through the Translating and Interpreting Service (TIS) on 131 450 for anyone requiring the assistance of an interpreter.